This blog is centered around work on the topics of binary analysis and reverse engineering on x86 / x64, with a special focus on Windows. There might be something about malware analysis here and there, too.

Saturday, September 1, 2012

IDAscope beta update

Nothing much to blog about. Therefore, only a short update on IDAscope's progress.
I just pushed out a second beta version to the people that expressed interest in testing it. If you are interested, too, this announcement is still valid. ;)

Here is a list of changes/fixes included with the second beta:

Function Inspection:
- Added functionality to create functions from unrecognized code. This function will first try to find and convert function prologues (push ebp; mov ebp, esp) and then convert the remaining undefined code.
- Added functionality to identify and rename potential wrappers (small functions with exactly one call referencing an API function). Thanks to Branko Spasojevic for this contribution.
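
The prologue-first idea from the first item, sketched as an added stand-alone example (not IDAscope's code): it works on a raw byte buffer instead of the IDA database, and the padding bytes, function names and sample bytes are assumptions made for illustration. The second pass is simplified to reporting non-padding bytes that precede the first prologue in each undefined gap.

```python
"""Added example: prologue-first recovery of function starts in undefined code."""

# push ebp; mov ebp, esp: the mov has two valid x86 encodings (8B EC and 89 E5).
PROLOGUES = (bytes.fromhex("558bec"), bytes.fromhex("5589e5"))
PADDING = b"\xcc\x90"  # int3 / nop fill between functions (assumed heuristic)


def undefined_gaps(size, defined):
    """Yield (start, end) offsets not covered by already-defined functions."""
    cursor = 0
    for start, end in sorted(defined):
        if start > cursor:
            yield cursor, start
        cursor = max(cursor, end)
    if cursor < size:
        yield cursor, size


def find_all(buf, pattern, start, end):
    """Yield every offset in [start, end) where pattern matches completely."""
    pos = buf.find(pattern, start, end)
    while pos != -1:
        yield pos
        pos = buf.find(pattern, pos + 1, end)


def recover_functions(code, defined):
    """Return (prologue_starts, leftover_ranges) for the undefined parts of code."""
    starts, leftovers = [], []
    for gap_start, gap_end in undefined_gaps(len(code), defined):
        # Pass 1: each prologue match in the gap is a candidate function start.
        hits = sorted(p for pat in PROLOGUES for p in find_all(code, pat, gap_start, gap_end))
        starts.extend(hits)
        # Pass 2 (simplified): bytes ahead of the first prologue belong to no
        # recovered function; report them unless they are only padding.
        head = code[gap_start:hits[0] if hits else gap_end]
        lead = len(head) - len(head.lstrip(PADDING))
        body = head.strip(PADDING)
        if body:
            leftovers.append((gap_start + lead, gap_start + lead + len(body)))
    return starts, leftovers


# Constructed sample: two defined functions at [0,5) and [21,26), the rest undefined.
SAMPLE = bytes.fromhex(
    "558bec5dc3" "cccccc" "558bec33c05dc3" "cc" "5589e55dc3"
    "558becc9c3" "cc33c0c3cc"
)
DEFINED = [(0, 5), (21, 26)]

if __name__ == "__main__":
    print(recover_functions(SAMPLE, DEFINED))
```

Matching on raw bytes can also hit prologue-like sequences inside data or in the middle of an instruction, so candidates from the first pass still need to be confirmed by disassembly.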

WinAPI:
- Fixed path resolution for html files, should work on non-Windows operating systems now, too. Thanks to Sascha Rommelfangen for fixing this; I only have IDA versions on Windows available, so I could hardly debug this.
- Included a back/forward button to allow easier browsing of visited articles.